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Q2 


Does the draft guidance cover the relevant issues about the right of access? 


© Yes 


rs 
| j] 
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_) No 
©) Unsure / don't know 
If no or unsure/don’t know, what other issues would you like to be covered in it? 


Does the draft guidance contain the right level of detail? 


Yes 


C) 
© No 
C) Unsure / don't know 


If no or unsure/don't know, in what areas should there be more detail within the draft 
guidance? 


Generally the draft guidance contains a lot of detail, but there are a couple of areas where it falls short. 
For example, in the section where it refers to an individual not having mental capacity to act, it states "it is 
reasonable to assume that an attorney with authority to manage the property and affairs of an individual 
has the appropriate authority to make a SAR on their behalf"; does that mean that an individual who has 
been given power of attorney to manage property and affairs could make a SAR for all information 
regarding that individual, whether or not it falls within the scope of their powers (if an individual has 
authority to manage property and affairs | would expect any SAR to be limited to information regarding 
property and affairs and nothing broader). This seems to overreach the power that has been granted to 
them and could allow the attorney access - via the back door - to information which should be kept 
confidential. Further clarification is required on this. 


Q3 


Does the draft guidance contain enough examples? 
O) Yes 
© No 
©) Unsure / don't know 


If no or unsure/don’t know, please provide any examples that think should be included in 
the draft guidance. 


More examples in relation to the exemptions would be useful, in particular in relation to the "management 
information" and "negotiations" exemptions. For example, if management is making a decision about 
how to respond and deal with a dispute with an employee or a customer, presumably this would be 
caught (until the dispute has been resolved) but, if the request is made after the dispute the information 
would be disclosable. 


Q4 We have found that data protection professionals often struggle with applying and 
defining ‘manifestly 


unfounded or excessive’ subject access requests. We would like to include a wide 
range of examples 

from a variety of sectors to help you. Please provide some examples of manifestly 
unfounded and excessive 

requests below (if applicable). 


An individual that has a grievance with a club makes a subject access request. The 
club responds to the request and withholds/redacts third party personal data. The 
individual, unhappy that information has been redacted or withheld, makes a 
number of other subject access requests, all of which cover the same information 
that has already been provided. The club responds that it has already responded to 


the request as best it can and that any further requests for the same information will 
be refused on the grounds that it is excessive. 


Q5 Ona scale of 1-5 how useful is the draft guidance? 


3- 
1-Notatall 2-—Slightly Moderately 4-—Very 5- Extremely 


useful useful useful useful useful 


© 


Q6 Why have you given this score? 


Useful examples from a practical point of view. 


Q7 To what extent do you agree that the draft guidance is clear and easy to understand? 


Strongly Neither agree Strongly 
disagree Disagree nor disagree Agree agree 


© 


Q8 Please provide any further comments or suggestions you may have about the draft 
guidance. 


No further comments 


Q9 Are you answering as: 


ey An individual acting in a private capacity (eg someone providing their views as a 
— member of the public) 


© An individual acting in a professional capacity 
©.) On behalf of an organisation 

©) Other 

Please specify the name of your organisation: 
Rollits 


Q10 How did you find out about this survey? 
©) ICO Twitter account 
©) ICO Facebook account 
©) ICO LinkedIn account 
© ICO website 
©) ICO newsletter 
|) ICO staff member 
|) Colleague 
©) Personal/work Twitter account 
() Personal/work Facebook account 
©) Personal/work LinkedIn account 
©) Other 


Thank you for taking the time to complete the survey 


